search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
manpages: do not include v4-only modules in ip6tables manpage
[jleu-iptables.git] / extensions / libxt_mark.c
blob0edff7487f8781c7b5c4dd60b9e5e596fb3231c1
1 /* Shared library add-on to iptables to add NFMARK matching support. */
2 #include <stdbool.h>
3 #include <stdio.h>
4 #include <netdb.h>
5 #include <string.h>
6 #include <stdlib.h>
7 #include <getopt.h>
8
9 #include <xtables.h>
10 #include <linux/netfilter/xt_mark.h>
11
12 enum {
13 F_MARK = 1 << 0,
14 };
15
16 static void mark_mt_help(void)
17 {
18 printf(
19 "mark match options:\n"
20 "[!] --mark value[/mask] Match nfmark value with optional mask\n");
21 }
22
23 static const struct option mark_mt_opts[] = {
24 {.name = "mark", .has_arg = true, .val = '1'},
25 { .name = NULL }
26 };
27
28 static int mark_mt_parse(int c, char **argv, int invert, unsigned int *flags,
29 const void *entry, struct xt_entry_match **match)
30 {
31 struct xt_mark_mtinfo1 *info = (void *)(*match)->data;
32 unsigned int mark, mask = UINT32_MAX;
33 char *end;
34
35 switch (c) {
36 case '1': /* --mark */
37 xtables_param_act(XTF_ONLY_ONCE, "mark", "--mark", *flags & F_MARK);
38 if (!xtables_strtoui(optarg, &end, &mark, 0, UINT32_MAX))
39 xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
40 if (*end == '/')
41 if (!xtables_strtoui(end + 1, &end, &mask, 0, UINT32_MAX))
42 xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
43 if (*end != '\0')
44 xtables_param_act(XTF_BAD_VALUE, "mark", "--mark", optarg);
45
46 if (invert)
47 info->invert = true;
48 info->mark = mark;
49 info->mask = mask;
50 *flags |= F_MARK;
51 return true;
52 }
53 return false;
54 }
55
56 static int
57 mark_parse(int c, char **argv, int invert, unsigned int *flags,
58 const void *entry, struct xt_entry_match **match)
59 {
60 struct xt_mark_info *markinfo = (struct xt_mark_info *)(*match)->data;
61
62 switch (c) {
63 char *end;
64 case '1':
65 xtables_check_inverse(optarg, &invert, &optind, 0);
66 markinfo->mark = strtoul(optarg, &end, 0);
67 if (*end == '/') {
68 markinfo->mask = strtoul(end+1, &end, 0);
69 } else
70 markinfo->mask = 0xffffffff;
71 if (*end != '\0' || end == optarg)
72 xtables_error(PARAMETER_PROBLEM, "Bad MARK value \"%s\"", optarg);
73 if (invert)
74 markinfo->invert = 1;
75 *flags = 1;
76 break;
77
78 default:
79 return 0;
80 }
81 return 1;
82 }
83
84 static void print_mark(unsigned int mark, unsigned int mask)
85 {
86 if (mask != 0xffffffffU)
87 printf("0x%x/0x%x ", mark, mask);
88 else
89 printf("0x%x ", mark);
90 }
91
92 static void mark_mt_check(unsigned int flags)
93 {
94 if (flags == 0)
95 xtables_error(PARAMETER_PROBLEM,
96 "mark match: The --mark option is required");
97 }
98
99 static void
100 mark_mt_print(const void *ip, const struct xt_entry_match *match, int numeric)
101 {
102 const struct xt_mark_mtinfo1 *info = (const void *)match->data;
103
104 printf("mark match ");
105 if (info->invert)
106 printf("!");
107 print_mark(info->mark, info->mask);
108 }
109
110 static void
111 mark_print(const void *ip, const struct xt_entry_match *match, int numeric)
112 {
113 const struct xt_mark_info *info = (const void *)match->data;
114
115 printf("MARK match ");
116
117 if (info->invert)
118 printf("!");
119
120 print_mark(info->mark, info->mask);
121 }
122
123 static void mark_mt_save(const void *ip, const struct xt_entry_match *match)
124 {
125 const struct xt_mark_mtinfo1 *info = (const void *)match->data;
126
127 if (info->invert)
128 printf("! ");
129
130 printf("--mark ");
131 print_mark(info->mark, info->mask);
132 }
133
134 static void
135 mark_save(const void *ip, const struct xt_entry_match *match)
136 {
137 const struct xt_mark_info *info = (const void *)match->data;
138
139 if (info->invert)
140 printf("! ");
141
142 printf("--mark ");
143 print_mark(info->mark, info->mask);
144 }
145
146 static struct xtables_match mark_match = {
147 .family = AF_UNSPEC,
148 .name = "mark",
149 .revision = 0,
150 .version = XTABLES_VERSION,
151 .size = XT_ALIGN(sizeof(struct xt_mark_info)),
152 .userspacesize = XT_ALIGN(sizeof(struct xt_mark_info)),
153 .help = mark_mt_help,
154 .parse = mark_parse,
155 .final_check = mark_mt_check,
156 .print = mark_print,
157 .save = mark_save,
158 .extra_opts = mark_mt_opts,
159 };
160
161 static struct xtables_match mark_mt_reg = {
162 .version = XTABLES_VERSION,
163 .name = "mark",
164 .revision = 1,
165 .family = AF_UNSPEC,
166 .size = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
167 .userspacesize = XT_ALIGN(sizeof(struct xt_mark_mtinfo1)),
168 .help = mark_mt_help,
169 .parse = mark_mt_parse,
170 .final_check = mark_mt_check,
171 .print = mark_mt_print,
172 .save = mark_mt_save,
173 .extra_opts = mark_mt_opts,
174 };
175
176 void _init(void)
177 {
178 xtables_register_match(&mark_match);
179 xtables_register_match(&mark_mt_reg);
180 }
Various project for iptables